Cyber resilience addresses the ability of an organization to respond to and recover from the effects of a cyber attack.
An effective cyber-resilience strategy relies on several operational activities: business continuity (BC), disaster recovery (DR), incident response and cybersecurity plans. The goal is to ensure the organization can resume operations as soon as possible in the aftermath of a successful cyber attack.
In practice, the above elements usually exist in silos. A successful cyber-resilience plan depends on understanding the interrelationships among these parts and how each component complements the functions of the others.
How to achieve cyber resilience
Cyber resilience is similar to business resilience -- both attempt to help an organization adapt quickly as it responds to disruptive events. The components underpinning cyber resilience must first be understood before they can be managed, maintained and improved.
To achieve cyber resilience and build a strong cyber-resilience strategy, organizations should do the following.
1. Get input
Ask senior leaders across the organization to define what cyber resilience means for them. Their input helps identify the most important business activities to management.
2. Identify essential operational activities
Using the input gathered, identify what is needed for the organization to produce its products and services.
Perform a business impact analysis (BIA) to identify mission-critical business processes. This includes the people, plans, technologies and facility resources needed to enable those processes, as well as the potential impact to the organization if a cyber attack interrupts those processes. If an existing BIA report is available, use the results, and determine how a cyber attack might or might not derail business processes identified in the BIA.
Use the BIA research to determine resilience components -- the priorities that must be returned to normal operation as soon as possible after a cyber attack. This ensures the organization can bounce back from an incident as quickly as possible.
3. Perform a risk analysis
A risk analysis based on a BIA can identify the most likely internal and external cyberthreats to the organization's ability to conduct business. Use threat and vulnerability analyses to identify weaknesses, such as an insecure network perimeter, that could increase the risk of a cyber attack. Conduct penetration tests to identify potential cyber vulnerabilities.
4. Prevent cyber attacks
Determine strategies based on the above activities to minimize the likelihood of a cyber attack. Such activities might include deploying specialized antimalware, updating firewall rules and launching an intrusion prevention system.
Evaluate additional strategies, such as training IT staff about the most effective ways to deal with cyber attacks and educating employees about the dangers of an attack. Also, ensure backup copies of mission-critical assets are available.
5. Build and enact a cyber-resilience plan
Structure an effective cyber-resilience strategy to ensure critical operational activities can be recovered and returned to normal operation.
Use cybersecurity and DR plans to maintain IT resilience and prevent unauthorized access by cyberthreat actors. Bring back mission-critical systems to full operation as quickly as possible.
Enhance cybersecurity and DR plans with incident response plans to manage the initial response to a cyber attack. Understand each of these plans complements the other; they should work together rather than at cross-purposes.
Cybersecurity, DR and incident response plans must ensure disparate network elements can be quickly recovered, tested for proper operation and put back into production. Be sure to do the following:
- Arrange with third parties to use their systems, if possible, because replacing unique or special-function systems may be difficult, if not impossible, in a timely fashion.
- Contact manufacturers of special-purpose systems to see how they can assist.
- Maintain a list of cybersecurity software products that might be employed as part of the IT department's short list of cyber-resilience initiatives.
- Consider cloud technology to back up mission-critical elements of a business. Cloud backup is an increasingly popular way to achieve cyber resilience.
- Check in to managed service firms, including cloud vendors, which might offer options such as cybersecurity, DR or BC as a service. These are viable approaches for achieving cyber resilience.
6. Document and ensure availability
Verify procedures to recover operational components are documented, stored in secure locations and available electronically for maximum speed of access. Also, confirm general operational procedures for mission-critical systems are available in case primary operators are not available and other employees must step in to operate these systems.
7. Test and update
Ensure cyber-resilience procedures governing mission-critical company assets and business operations are regularly tested and updated.
Update plans and procedures based on changes in business operations and the results of exercises. Also, patch applications and systems when new updates or patches are available.
In addition, be sure to regularly brief senior management on the state of the organization's cyber resilience.
Bringing it all together
Achieving a viable cyber-resilience strategy depends on the smooth collaboration of several preventive, detective and responsive plans, as well as their associated program activities. Maintenance of up-to-date, documented and regularly exercised cyber-resilience plans can be achieved using a balanced program of activities, including cybersecurity plans, BCDR plans, incident response plans, periodic BIA/risk analysis initiatives and senior management support.